HostedDB - Dedicated UNIX Servers
index_5
UNCLASSIFIED Preface Version 1.0g  UNCLASSIFIED 5   Preface Routers direct and control much of the data flowing across computer networks.  This guide provides technical guidance intended to help network administrators and security officers improve the security of their networks.  Using the information presented here, you can configure your routers to control access, resist attacks, shield other network components, and even protect the integrity and confidentiality of network traffic. This guide was developed in response to numerous questions and requests for assistance received by the NSA System and Network Attack Center (SNAC).  The topics covered in the guide were selected on the basis of customer interest, and the SNAC’s background in securing networks.    The goal for this guide is a simple one: improve the security provided by routers on US Department of Defense (DOD) operational networks.   Who Should Use This Guide  Network administrators and network security officers are the primary audience for this configuration guide, throughout the text the familiar pronoun “you” is used for guidance directed specifically to them.  Most network administrators are responsible for managing the connections among parts of their networks, and between their network and various other networks.  Network security officers are usually responsible for selecting and deploying the assurance measures applied to their networks.  For this audience, this guide provides security goals and guidance, along with specific examples of configuring Cisco routers to meet those goals. Firewall administrators are another intended audience for this guide.  Often, firewalls are employed in conjunction with filtering routers; the overall perimeter security of an enclave benefits when the configurations of the firewall and router are complementary.  While this guide does not discuss general firewall topics in any depth, it does provide information that firewall administrators need to configure their routers to actively support their perimeter security policies. Section 5 includes information on using the firewall features of the Cisco Integrated Security facility. Information System Security Engineers (ISSEs) may also find this guide useful.   Using it, an ISSE can gain greater familiarity with security services that routers can provide, and use that knowledge to incorporate routers more effectively into the secure network configurations that they design. Sections 4, 5, and 6 of this guide are designed for use with routers made by Cisco Systems, and running Cisco’s IOS software. The descriptions and examples in those sections were written with the assumption that the reader is familiar with basic Cisco router operations and command syntax.